LinkedIn confirms password security breach

A hacker claims to have stolen 6.5 million passwords from Mountain View professional networking company LinkedIn. (Paul Sakuma/AP)

Update, 1:18 p.m.: LinkedIn confirmed Wednesday afternoon that some of its users’ passwords had been compromised, though the company did not specify how many.

Users whose passwords were compromised will no longer be able to sign in to the professional networking service, the company said on a blog post.

Those users will also receive two emails from LinkedIn: one that explains — without links — how to reset a password, and one that elaborates on why a password change is necessary.

Users should not follow any emails about resetting passwords that include links, the post warns. Spammers hoping to take advantage of the password security breach could lure users to give up information for fraudulent uses.

_______

A hacker claims to have stolen and published about 6.5 million passwords of LinkedIn users on a Russian Web forum, prompting the Mountain View company to investigate a possible security breach.

“Our team continues to investigate, but at this time, we’re still unable to confirm that any security breach has occurred,” the professional social networking company posted on Twitter. “Stay tuned here.”

Some of the published passwords — san!francisco!, salasanalinkedin, wwwLinkedIn — suggest a connection to the website. Mikko Hypponen, chief research officer at F-Secure, a data security company, posted those and other possibly stolen passwords to his Twitter account, including nathanlinkedin, linkedintrouble, hondalinkedin, eaglelinkedin, springlinkedin, B1uesC1ues, T1msux!, and M4nu3l.-.

LinkedIn first posted on Twitter just after 6 a.m. to say they were investigating the possible breach. The company tweeted a second time after 8 a.m. to say the investigation was ongoing, and a spokeswoman redirected e-mail inquiries to the company’s Twitter account.